CSO Security Standard, lesson three: Intelligent threat management works

Miami International Holdings CSO John Masserini discusses his efforts to achieve intelligent threat management.

Intelligent threat management is an abstract concept. But understanding and harnessing it will be critical going forward, Miami International Holdings CSO John Masserini told attendees at the CSO Security Standard this morning.

He noted some of the benefits:

--Correlation of events over time provides in-depth understanding of actual or perceived threats.

--Layering actual events over the threat model makes for better rationalization of potential risks.

--Historical analysis of threats over time provides great business cases for future endeavors.

--Intelligent threat management cuts down on FUD generated by today's headlines.

Intelligent threat management isn't just about technical threats, he said. Physical and environmental threats must be considered part of the overall strategy.

"One needs to consider their functional reliance on third parties and threats faced by business partners," he said. Meanwhile, he added, "Occupy-esque events can have a temporary tangential impact on the threat model. In these cases, legal and marketing teams provide insight or advance notice of threats."

He offered a couple of tips for achieving intelligent threat management, both aimed at generating cooperation between departments in a company:

--Exploit the competitive nature of your tech and business peers by providing comparative analysis between business units. "The competition is awesome," he said. "No one wants to come across as being the weakest in understanding events around them. No one wants to come in last." Therefore, he said, those peers will be more eager to share information and break down the silos between them.

--Develop executive-focused monthly management reports to articulate the current threat state and proactive measures to deal with it. These reports will give everyone the big picture of what their company faces and how they can help improve security.

Copyright © 2012 IDG Communications, Inc.
